Backed by many of the world's largest companies for more than a decade, SPDX formally becomes an internationally recognized ISO/IEC JTC 1 standard during a transformational time for software and supply chain security.

SAN FRANCISCO, September 9, 2021 - The Linux Foundation, Joint Development Foundation, and the SPDX community today announced the Software Package Data Exchange (SPDX) specification has been published as ISO/IEC 5962:2021 and recognized as the international open standard for security, license compliance, and other software supply chain artifacts. ISO/IEC JTC 1 is an independent, non-governmental standards body.

Intel, Microsoft, Siemens, Sony, Synopsys, VMware, and WindRiver are just a small sample of the companies already using SPDX to communicate Software Bill of Materials (SBOM) information in policies or tools to ensure compliant, secure development across global software supply chains.

"SPDX plays an important role in building more trust and transparency in how software is created, distributed, and consumed throughout supply chains. The transition from a de-facto industry standard to a formal ISO/IEC JTC 1 standard positions SPDX for dramatically increased adoption in the global arena," said Jim Zemlin, executive director, the Linux Foundation. "SPDX is now perfectly positioned to support international requirements for software security and integrity across the supply chain."

...


News Link: https://www.linux.com/news/spdx-becomes-internationally-recognized-standard-for-software-bill-of-materials/.
